GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
29 advisories
Filter by severity
AWS Amplify CLI has incorrect trust policy management
Critical
CVE-2024-28056
was published
for
@aws-amplify/cli
(npm)
Apr 15, 2024
Arbitrary remote code execution within `wrangler dev` Workers sandbox
Critical
CVE-2023-7080
was published
for
wrangler
(npm)
Jan 3, 2024
Escalation of privileges in @sap/xssec
Critical
CVE-2023-49583
was published
for
@sap/xssec
(npm)
Dec 12, 2023
matrix-appservice-irc vulnerable to IRC mode parameter confusion
Moderate
CVE-2022-39202
was published
for
matrix-appservice-irc
(npm)
Sep 15, 2022
Parsing issue in matrix-org/node-irc leading to room takeovers
High
CVE-2022-39203
was published
for
matrix-appservice-irc
(npm)
Sep 15, 2022
Improper Privilege Management in NocoDB
High
CVE-2022-2063
was published
for
nocodb
(npm)
Jun 14, 2022
Improper Privilege Management in Azure ms-rest-nodeauth
High
CVE-2021-28458
was published
for
@azure/ms-rest-nodeauth
(npm)
May 24, 2022
Improper Privilege Management in shelljs
High
CVE-2022-0144
was published
for
shelljs
(npm)
Jan 21, 2022
Improper Privilege Management in shelljs
Moderate
GHSA-64g7-mvw6-v9qj
was published
for
shelljs
(npm)
Jan 14, 2022
TimelockController vulnerability in OpenZeppelin Contracts
Critical
CVE-2021-39168
was published
for
@openzeppelin/contracts-upgradeable
(npm)
Aug 30, 2021
TimelockController vulnerability in OpenZeppelin Contracts
Critical
CVE-2021-39167
was published
for
@openzeppelin/contracts
(npm)
Aug 30, 2021
Privilege escalation: all users can access Admin-level API keys
Moderate
CVE-2021-39192
was published
for
ghost
(npm)
Jul 22, 2021
Any logged in user could edit any other logged in user.
High
CVE-2021-29452
was published
for
@curveball/a12n-server
(npm)
Apr 19, 2021
npm Vulnerable to Global node_modules Binary Overwrite
High
CVE-2019-16777
was published
for
npm
(npm)
Dec 13, 2019
dwebp-bin downloads Resources over HTTP
High
CVE-2016-10633
was published
for
dwebp-bin
(npm)
Feb 18, 2019
Downloads Resources over HTTP in bionode-sra
High
CVE-2016-10613
was published
for
bionode-sra
(npm)
Feb 18, 2019
Downloads Resources over HTTP in openframe-image
High
CVE-2016-10616
was published
for
openframe-image
(npm)
Feb 18, 2019
Downloads Resources over HTTP in libxl
High
CVE-2016-10585
was published
for
libxl
(npm)
Feb 18, 2019
Downloads Resources over HTTP in prince
High
CVE-2016-10591
was published
for
prince
(npm)
Feb 18, 2019
Downloads Resources over HTTP in cobalt-cli
High
CVE-2016-10597
was published
for
cobalt-cli
(npm)
Feb 18, 2019
Downloads Resources over HTTP in openframe-glslviewer
High
CVE-2016-10607
was published
for
openframe-glslviewer
(npm)
Feb 18, 2019
Downloads Resources over HTTP in node-bsdiff-android
High
CVE-2016-10641
was published
for
node-bsdiff-android
(npm)
Sep 18, 2018
ProTip!
Advisories are also available from the
GraphQL API